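def tracing():
    """Single-step the debuggee and recolor each address the debugger reports.

    Resumes or starts the debugger, switches on step tracing, then loops over
    debugger events. The item at every reported event address is recolored
    with ``get_new_color``. The loop ends when the debugger reports an event
    code <= 1, or when a breakpoint event arrives at the same address as the
    previous event.

    Side effects: updates the module-level ``PRE_ADDR`` and changes item
    colors in the database.

    NOTE: this drives a live debug session, so the target's code really runs.
    Every wait uses a timeout of -1, so each call waits for the debugger
    instead of timing out. Trace untrusted samples only inside an isolated
    analysis environment.
    """
    # NOTE(review): the listing this was recovered from had lost its line
    # breaks; the nesting below (coloring inside the loop) is the most
    # plausible reading -- confirm against the original script.
    global PRE_ADDR

    event = idc.GetDebuggerEvent(idc.WFNE_ANY, -1)
    if event <= 1:
        # presumably codes <= 1 mean "no usable event" (error / timeout /
        # no task / process start) -- verify against the idc event constants.
        idc.RunTo(idc.BeginEA())
    idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
    idc.EnableTracing(idc.TRACE_STEP, 1)
    idc.GetDebuggerEvent(idc.WFNE_ANY | idc.WFNE_CONT, -1)

    while True:
        event = idc.GetDebuggerEvent(idc.WFNE_ANY, -1)
        if event <= 1:
            break

        addr = idc.GetEventEa()
        # Call form of print: same output as the old print statement, and it
        # also parses under Python 3.
        print("%s ==> %s" % (event, hex(addr)))

        # A breakpoint event at the same address as the previous event is
        # the stop condition; otherwise remember the new address.
        if PRE_ADDR != addr:
            PRE_ADDR = addr
        elif event == idc.BREAKPOINT:
            break

        current_color = idc.GetColor(addr, idc.CIC_ITEM)
        new_color = get_new_color(current_color)
        idc.SetColor(addr, idc.CIC_ITEM, new_color)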
def start_trace():
    """Clear the trace file and switch on instruction-level tracing.

    Also sets the step-trace options to ``idc.ST_OVER_LIB_FUNC``
    (presumably so tracing steps over library functions -- confirm against
    the IDA SDK documentation).
    """
    insn_trace = idc.TRACE_INSN
    step_options = idc.ST_OVER_LIB_FUNC

    # An empty file name is passed through unchanged; presumably it selects
    # the current trace buffer -- TODO confirm.
    idc.ClearTraceFile('')
    idc.EnableTracing(insn_trace, 1)
    idc.SetStepTraceOptions(step_options)
def disable_trace():
    """Switch instruction-level tracing off (counterpart of ``start_trace``)."""
    trace_kind, off = idc.TRACE_INSN, 0
    idc.EnableTracing(trace_kind, off)
trace.unhook() except Exception as e: pass if __name__ == "__main__": # 如果在入口处开始Trace,要将入口断点修改为Trace # 参数初始化: trace_file = "C:\\Users\\zhang\\Desktop\\result.trace.txt" trace_end_addr = 0x75196359 # Install the debug hook trace = TraceAnalysis(trace_file) trace.hook() # Stop at the entry point ep = idc.get_inf_attr(idc.INF_START_IP) request_run_to(ep) # Start debugging run_requests() # Set trace limit trace.trace_limit["start"] = ep # trace.trace_limit["end"] = idaapi.get_dword(idautils.cpu.esp) trace.trace_limit["end"] = trace_end_addr print("start: %08x ~ %08x" % (trace.trace_limit["start"], trace.trace_limit["end"])) # Enable tracing() idc.EnableTracing(idc.TRACE_STEP, 1)